Hari Prasad Koguru

• Lead end-to-end gap assessments for frameworks, including SOC 2 and ISO 27001.
• I have demonstrated proficiency in team management, overseeing teams comprising three members.
• Manage the delivery of end-to-end projects to define timelines and Integrated Management System standards.
• Managed third-party risk assessments and vendor due diligence.
• Delivered audit reports and presented key findings to senior management and audit committees, facilitating timely remediation plans.
• Manage and review organization-wide risk register and policy exceptions, ensuring alignment with ISO 31000 and internal governance policies for various clients for whom I act as vCISO. Drive periodic re-assessment of accepted risks; support stakeholder discussions on remediation plans.
• Lead client-facing security conversations, respond to customer questionnaires, and manage in-person trust-building sessions.
• Provided support in enhancing the in-house GRC product by aligning it with compliance frameworks and developing and cross-framework mapping.

• Responsible for the complete end-to-end implementation of standards like ISO 27001:2022, SOC 2 Type 1, and Type 2.
• Conducted SOC 2 audits for various clients and drafted SOC 2 Type 1 and Type 2 reports. Audited and drafted SOC 2 Type 2 for more than 20 clients.
• Understanding the organization's requirements, planning and designing governance structures, policies, procedures, other documentation, and selecting technology products or services, as well as conducting audits.
• Led internal audits to ensure the effectiveness of the ISMS and compliance with ISO 27001 standards, documenting findings and corrective actions.
• Provided support during external audits, ensuring audit readiness by maintaining comprehensive evidence logs and assisting auditors with required documentation.
• Achieved ISO 27001 certification for clients with no major non-conformities.

Risk Assessment and Management

• Conducted periodic risk assessments for various industries, including Insurance providers, healthcare, and banking, identifying critical threats, vulnerabilities, and business impacts.
• Developed comprehensive risk registers, performed risk analysis using ISO 31000 principles, and prioritized risks based on likelihood and impact.
• Designed actionable Risk Treatment Plans by recommending and tracking mitigation measures to reduce risk by 35-50%.
• Collaborated with stakeholders to reassess residual risks post-treatment and maintain risk registers aligned with ISO 27001:2022 standards.

• I have assisted in the implementation of ISO 27001:2013 for the client.
• I have been part of internal and external audits, and I helped clients achieve successful ISO 27001:2013 certificates.
• I have conducted comprehensive risk assessments across multiple departments.
• Drafting and implementing information security policies and procedures to meet the standard requirements suited to the organization's needs.
• Conducting risk assessments, information security audits, vendor audits, and third-party risk assessments.
• Validated evidence was submitted for ISO/IEC 27001:2013 compliance as part of sustenance activities, ensuring adherence to standard requirements.